Re: [Efw-user] syn-flood prevention?
I was a long-time user of EFW and liked the product, but I'm not telling you anything you don't already know when I say that they've completely ignored the distro and there's virtually no development or support any longer. Someone here mentioned Ubiquiti's EdgeRouters a while back, so I bought an EdgeRouter Lite. It has been very stable, fast and secure. It doesn't have all of the appliance features, because it's designed as a router/fw first. But you can add debian packages to tweak it -- provided you keep in mind that it has finite cpu and memory. Would be nice if their OS was ready to run on any intel-based box, but their prices are more-than-fair for the hardware. And their forums are very responsive from other users AND the developers. In my case, I replaced a EFW PC and a load-balancer with the one EdgeRouter Lite for way-lower electric consumption and faster throughput. On 2/10/2015 3:35 AM, Andre Mueller wrote: Hello Matt Thank you very much for your answer. This night I found, that our router was not afflicted by an syn-flood attack, but was hacked and was used as an syn-flood server itself. There was no way to save it, as the bad files where distributed over the system and reloaded themself permanently and so I had to set-up the router from fresh. Yes your are right about the future development of the community version and it is wise to move to an other firewall. best regards Am 09.02.2015 um 17:02 schrieb Matt Hayes: I'm only responding as most likely you will not get a response from Endian themselves, I'm not sure why it is not working if you have syn flood protection enabled already. I myself am slowly moving from Endian Firewall Community as I'm not able to get any answers from Endian or their developers at all. There are numerous security issues with the distribution specifically with SSH and openssl. I'm moving to a more up to date and maintained firewall for my needs. Good luck. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Missing SRPMs and new Developer Environment
I have to agree about the lack of community-response in general. It's a great firewall/appliance, but they make it way too hard to customize, tweak and update for an open-source product. I built my own, mini, dev environment in order to patch a few things, but will certainly look into the one Robert produced. I glanced at ZeroShell -- only glanced -- it seems a bit different to Endian. Some packages I see as strengths, others as weaknesses. For example, they leverage BIND, and you need to setup your own DNS. That's not trivial -- dnsmasq is more than sufficient for most SOHO applications. Plus, they built their own linux OS. That means any patches/additions have to be compiled from source and hopefully you have all the dependencies. I would much-prefer a CentOS-based distro that I could (at least somewhat) easily add my own features from standard RPMS. There are some good features there as well, I agree. And I have been long-waiting for Endian to allow true load-balanced WAN connections. On 11/15/2012 4:56 AM, Lorenzo Milesi wrote: I think you are probably right, Endian doesn't seem to be all that responsive. They also don't seem all that interested in complying with the GPL license. I sent an email directly to the folks associated with the EFW sourceforge project. If I don't hear anything back from them in the next couple of days I'll release the dev environment anyways. Despite being Endian very good, I decided to move away for this reason. Bugs never closed, no updates for OS releases, no committment in the community... I'm now testing ZeroShell and pfSense. They both have the same features of EFW and much more, like PPTP support, hotspot, uplink failover, web antivirus... ZS even uses an internal radius server for authentication. pfSense is great as well, but it's on bsd and I'd rather stay on linux ;) -- Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] warning to EFW users: you may be abusing malwaredomains.com site
OK, I re-read that. I agree, I think we're allowed to use the mirror server. Should've finished my coffee before replying. ;) On 8/31/2012 10:34 AM, compdoc wrote: Sorry, are we not allowed to use the mirror link either? No, I think you have that wrong. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Source Code distribution isn't complete?
Has anyone found compatible versions of these? A way to configure the smart channels to find replacements? Thanks in advance, AJ On 10/20/2011 10:42 AM, Giovanni T. wrote: Hi, I'm trying to compile from source a third-party software on my Endian box. I've downloaded the source package from: http://www.endian.com/en/community/download/ I've unpacked the archive and rsynced its content to my Endian system in /var/build and then I tried to install build-essential: root@efw-1319107248:/var/build/DEVEL_RPMS # rpm -i * error: Failed dependencies: libtool is needed by build-essential-0.4-endian3.i586 ncurses-devel is needed by build-essential-0.4-endian3.i586 libselinux-devel is needed by build-essential-0.4-endian3.i586 glibc-headers is needed by build-essential-0.4-endian3.i586 kernel-devel is needed by build-essential-0.4-endian3.i586 kernel-smp-devel is needed by build-essential-0.4-endian3.i586 rpm-build is needed by build-essential-0.4-endian3.i586 procinfo is needed by build-essential-0.4-endian3.i586 busybox is needed by build-essential-0.4-endian3.i586 newt-devel is needed by build-essential-0.4-endian3.i586 libsmooth is needed by build-essential-0.4-endian3.i586 kernel-PAE-devel is needed by build-essential-0.4-endian3.i586 zlib-devel is needed by build-essential-0.4-endian3.i586 glibc-devel= 2.2.90-12 is needed by gcc-3.4.6-10.endian8.i586 glibc-devel= 2.2.90-12 is needed by gcc4-4.1.2-14.endian1.i586 Why aren't distributed those RPMs? -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Upgrade error
Sorry, I don't understand where you entered your UPGRADED variable. Did you set that in the shell before re-running the script, or did you insert that into the script-file, or did you put that on the command line? Thanks for sharing! -AJ - Original Message - From: Elmar Natter To: efw-user@lists.sourceforge.net Sent: Thursday, November 04, 2010 4:24 AM Subject: Re: [Efw-user] Upgrade error 2010/11/4 Stéphane Parenton steph...@parenton.com Le 03/11/2010 21:36, Elmar Natter a écrit : 2010/11/3 AJ Weber awe...@comcast.net I got this too! Anyone know what this means? I don't think I added or changed anything in the init.d directory. -AJ From: Stéphane Parenton steph...@... Subject: Upgrade error Date: 2010-11-03 18:45:50 GMT (1 hour and 43 minutes ago) Hello, I've just tried the efw-upgrade, and here's the result of the jury : Committing transaction... Preparing... [ 0%] error: file /etc/init.d conflicts between attempted installs of initscripts-2.4.1-0.endian9.i586 and chkconfig-1.3.11.2-1.i586 ERROR: Error during upgrade any hints ? stephane I tried again this morning and did this : First of all, i ran efw-upgrade again.. it failed just like yesterday. As efw-upgrade ran with the same parameter as yesterday, i wanted to see where i could bypass the reload in the script. I put UPGRADED=/etc/upgrade/upgrade.d in comment and rerun efw-upgrade. it seems it has worked ok. Now my box is labelled 2.4.1 so evertyhting is ok... I don't know wether UPGRADED=/etc/upgrade/upgrade.d is important or not in the script so i don't recommend people to do the same... still it worked for me. is it chance ? coincidence ? Yes, I can confirm this. After this it worked flawless. E. -- -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Upgrade error
That's brand new (the bug entry). I'll try it in a bit. -AJ - Original Message - From: Derek Sims To: efw-user@lists.sourceforge.net Sent: Thursday, November 04, 2010 9:55 AM Subject: Re: [Efw-user] Upgrade error Has anybody tried the work around proposed in http://bugs.endian.com/view.php?id=3246 DS On 04/11/2010 12:49, AJ Weber wrote: Sorry, I don't understand where you entered your UPGRADED variable. Did you set that in the shell before re-running the script, or did you insert that into the script-file, or did you put that on the command line? Thanks for sharing! -AJ - Original Message - From: Elmar Natter To: efw-user@lists.sourceforge.net Sent: Thursday, November 04, 2010 4:24 AM Subject: Re: [Efw-user] Upgrade error 2010/11/4 Stéphane Parenton steph...@parenton.com Le 03/11/2010 21:36, Elmar Natter a écrit : 2010/11/3 AJ Weber awe...@comcast.net I got this too! Anyone know what this means? I don't think I added or changed anything in the init.d directory. -AJ From: Stéphane Parenton steph...@... Subject: Upgrade error Date: 2010-11-03 18:45:50 GMT (1 hour and 43 minutes ago) Hello, I've just tried the efw-upgrade, and here's the result of the jury : Committing transaction... Preparing... [ 0%] error: file /etc/init.d conflicts between attempted installs of initscripts-2.4.1-0.endian9.i586 and chkconfig-1.3.11.2-1.i586 ERROR: Error during upgrade any hints ? stephane I tried again this morning and did this : First of all, i ran efw-upgrade again.. it failed just like yesterday. As efw-upgrade ran with the same parameter as yesterday, i wanted to see where i could bypass the reload in the script. I put UPGRADED=/etc/upgrade/upgrade.d in comment and rerun efw-upgrade. it seems it has worked ok. Now my box is labelled 2.4.1 so evertyhting is ok... I don't know wether UPGRADED=/etc/upgrade/upgrade.d is important or not in the script so i don't recommend people to do the same... still it worked for me. is it chance ? coincidence ? Yes, I can confirm this. After this it worked flawless. E. -- -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Upgrade error
I tried this and can confirm it worked. -AJ - Original Message - From: Derek Sims To: efw-user@lists.sourceforge.net Sent: Thursday, November 04, 2010 9:55 AM Subject: Re: [Efw-user] Upgrade error Has anybody tried the work around proposed in http://bugs.endian.com/view.php?id=3246 DS On 04/11/2010 12:49, AJ Weber wrote: Sorry, I don't understand where you entered your UPGRADED variable. Did you set that in the shell before re-running the script, or did you insert that into the script-file, or did you put that on the command line? Thanks for sharing! -AJ - Original Message - From: Elmar Natter To: efw-user@lists.sourceforge.net Sent: Thursday, November 04, 2010 4:24 AM Subject: Re: [Efw-user] Upgrade error 2010/11/4 Stéphane Parenton steph...@parenton.com Le 03/11/2010 21:36, Elmar Natter a écrit : 2010/11/3 AJ Weber awe...@comcast.net I got this too! Anyone know what this means? I don't think I added or changed anything in the init.d directory. -AJ From: Stéphane Parenton steph...@... Subject: Upgrade error Date: 2010-11-03 18:45:50 GMT (1 hour and 43 minutes ago) Hello, I've just tried the efw-upgrade, and here's the result of the jury : Committing transaction... Preparing... [ 0%] error: file /etc/init.d conflicts between attempted installs of initscripts-2.4.1-0.endian9.i586 and chkconfig-1.3.11.2-1.i586 ERROR: Error during upgrade any hints ? stephane I tried again this morning and did this : First of all, i ran efw-upgrade again.. it failed just like yesterday. As efw-upgrade ran with the same parameter as yesterday, i wanted to see where i could bypass the reload in the script. I put UPGRADED=/etc/upgrade/upgrade.d in comment and rerun efw-upgrade. it seems it has worked ok. Now my box is labelled 2.4.1 so evertyhting is ok... I don't know wether UPGRADED=/etc/upgrade/upgrade.d is important or not in the script so i don't recommend people to do the same... still it worked for me. is it chance ? coincidence ? Yes, I can confirm this. After this it worked flawless. E. -- -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book Blueprint to a Billion shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Fw: EFW Community Update 2.4.1
Endian [Focus On/Newsletter]: TITLEAnyone know where this update actually is (to be downloaded), and what the update procedures would be for an existing 2.4(.0) box? Thanks, AJ - Original Message - From: Endian Community To: Aaron Sent: Wednesday, November 03, 2010 11:57 AM Subject: EFW Community Update 2.4.1 Having trouble viewing this email? View it in your browser. Endian Firewall Community Update 2.4.1 The update for Endian Firewall Community to version 2.4.1 is now available! This release introduces the following new features: a.. General a.. Japanese is now a fully supported language b.. SHA1 is now used instead of MD5 as default hash algorithm wherepossible (#1796) c.. A web console has been added d.. The system console has been replaced by efw-shell b.. System a.. Kernel has been updated to LTS version 2.6.32.24 b.. Amavisd-new has been updated to version 2.6.4 c.. Snort has been updated to version 2.8.6.1 d.. Template language has been switched to mako to speed up EMI e.. Hooks that will be triggered on shutdown have been added to /etc/rc.d/halt (#2875) f.. All system logs has been added to the log viewer and is now set as default (#549) g.. netstatus.cgi has been rewritten to recognize NICs that are faster than 100Mb/s c.. DNS Proxy a.. Randomized mirror usage and switching from cron to anacron to decrease the load on malwaredomains.com (#3113) d.. SMTP Proxy a.. Support for Japanese emails has been added to the spam filter b.. RBL lists have been updated (#2020) c.. File extension list has been updated d.. Spam subject is now optional (#2781) e.. Support for 7z archives has been added e.. ClamAV Antivirus a.. ClamAV has been updated to version 0.96.3 b.. Bytecode compiled patterns have been enabled (#2882) c.. Google safebrowsing signatures have been enabled f.. Firewall a.. BADTCP filtering can now be disabled (#3152) b.. A logic for classifying bridged OpenVPN traffic in a dynamic way has been added c.. An OpenVPN interface has been added to the firewall GUIs in case of the OpenVPN server not being bridged g.. OpenVPN Server a.. It is now possible to select to which zone the server should be bridged b.. It is now possible not to bridge the server but to run it in a separate subnet on its tap interface h.. IPSEC a.. Openswan has been updated to version 2.6.29 REMOVED FEATURES a.. SIP Proxy Your Endian Team © Copyright 2010 Endian - All rights reserved - Various trademarks held by their respective owners You're receiving this newsletter because you are in our contact list. If you no longer wish to receive e-mail from Endian, unsubcribe clicking here. -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] WAN load balancing
The community version won't do WAN load-balancing (unless it changed very recently). I tried to hack at it once, and you could probably get it running if you have static WAN addresses, but it's probably not worth the trouble. It DOES do WAN failover. -AJ - Original Message - From: Lorenzo Milesi lorenzo.mil...@yetopen.it To: efw-user@lists.sourceforge.net Sent: Wednesday, November 03, 2010 1:25 PM Subject: [Efw-user] WAN load balancing Hi. I did some researches on the website but couldn't figure out if EFW community is capable of doing WAN load balancing, that is if you have 2 DSL of 10mb each get an uplink of 20mb total. It's clear stated on the enterprise pages, but not on the community ones. I see in EFW web ui that it's possible to have multiple wan, in fallback, but I cannot test if load balancing is available as well. Anyone did? thanks -- Lorenzo Milesi - lorenzo.mil...@yetopen.it YetOpen S.r.l. - http://www.yetopen.it/ Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 6070 222 GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it D.Lgs. 196/2003 Si avverte che tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Fw: EFW Community Update 2.4.1
I don't think RESPIN means 2.4.1 at all. In fact, the embedded date in the download filename leads me to believe this is the May 28, 2010 (2.4.0) release. -AJ - Original Message - From: Jason Oglesby phibro...@gmail.com To: efw-user@lists.sourceforge.net Sent: Wednesday, November 03, 2010 1:00 PM Subject: Re: [Efw-user] Fw: EFW Community Update 2.4.1 The link is: http://sourceforge.net/projects/efw/files/Development/EFW-2.4-RESPIN/EFW-COMMUNITY-2.4-201005280528-RESPIN.iso/download does the RESPIN mean its 2.4.1? I went and double checked and just noticd that... On Wed, Nov 3, 2010 at 11:54 AM, Davide Cottignoli davidecottign...@racine.ra.it wrote: By efw-upgrade. This lead to update a lot of packages. I don't see in meanwhile any ISO images from sourceforge. Il 03/11/2010 17:47, AJ Weber ha scritto: Anyone know where this update actually is (to be downloaded), and what the update procedures would be for an existing 2.4(.0) box? Thanks, AJ -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Fw: EFW Community Update 2.4.1
Endian [Focus On/Newsletter]: TITLECould you not just port-forward for your VOIP? I'm not really sure why the proxy was necessary. -AJ - Original Message - From: compdoc To: 'AJ Weber' ; efw-user@lists.sourceforge.net Sent: Wednesday, November 03, 2010 3:35 PM Subject: RE: [Efw-user] Fw: EFW Community Update 2.4.1 I backed up my firewall, ran ‘efw-upgrade,’ and it worked perfectly. Kept all my settings, etc. Thanks ppl! I was using the sip proxy, tho. Guess I’ll run something in a virtual machine to replace its loss. Any recommendations for a sip proxy distro? Thanks again, compdoc -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Upgrade error
I got this too! Anyone know what this means? I don't think I added or changed anything in the init.d directory. -AJ From: Stéphane Parenton steph...@... Subject: Upgrade error Date: 2010-11-03 18:45:50 GMT (1 hour and 43 minutes ago) Hello, I've just tried the efw-upgrade, and here's the result of the jury : Committing transaction... Preparing... [ 0%] error: file /etc/init.d conflicts between attempted installs of initscripts-2.4.1-0.endian9.i586 and chkconfig-1.3.11.2-1.i586 ERROR: Error during upgrade any hints ? stephane -- Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Temp Monitoring and Shutdown?
Is there any watchdog daemon available (or already installed) to configure monitoring CPU/board temps and possibly send alerts and worst-case to shutdown the OS in the event of an extreme overheat situation? Thanks, AJ -- Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Fixed Lease Hostnames?
I'm truly surprised. No one has run into this issue? -AJ - Original Message - From: AJ Weber To: efw-user@lists.sourceforge.net Sent: Friday, October 01, 2010 10:30 AM Subject: Fixed Lease Hostnames? Besides manually editing the dhcpd.conf file (which I will do as a last-result, because that means I would have to avoid the GUI forever), is there a way to assign the hostname to a fixed dhcp lease/host? Seems pretty obvious and I'm surprised I don't see instructions in the documentation about how to do that. Thanks in advance, AJ-- Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Server Fan Control
I think that's a windows utility. Is there a linux port that would work? -AJ - Original Message - From: Healer1 heal...@localnet.com To: AJ Weber awe...@comcast.net; efw-user@lists.sourceforge.net Sent: Friday, October 01, 2010 9:18 AM Subject: Re: [Efw-user] Server Fan Control You Might try Speed Fan from Almico On 9/30/2010 3:41 PM, AJ Weber wrote: Has anyone tried to enable fan control on your endian server? For the server/fw I'm configuring right now, the servers fans are stuck at HIGH all the time. That's a waste of energy (and since I'm still in the same room, it's going to kill my hearing). I'd like to enable some more smart fan control via ACPI if possible. Does anyone know how this could be done? Thanks in advance! -AJ -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Fixed Lease Hostnames?
Besides manually editing the dhcpd.conf file (which I will do as a last-result, because that means I would have to avoid the GUI forever), is there a way to assign the hostname to a fixed dhcp lease/host? Seems pretty obvious and I'm surprised I don't see instructions in the documentation about how to do that. Thanks in advance, AJ-- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Server Fan Control
Right. That will only work for fans connected with a 4pin connector (which has the pwm control). If you have a 3pin power connector from your fan to your MB, it looks like there is nothing you can do with software. Thanks -AJ - Original Message - From: João Seabra To: efw-user@lists.sourceforge.net Sent: Friday, October 01, 2010 12:37 PM Subject: Re: [Efw-user] Server Fan Control Check this nice tutorial from Archlinux. Dont forget to read the letters in bold at the top of the page ;-) http://wiki.archlinux.org/index.php/Fan_Speed_Control Kind Regards, João Seabra On 01-10-2010 16:34, João Seabra wrote: Hi, lm_sensors by itself does't change fan speed. Check in BIOS if you can activate smart control for fans or else you need to use fancontrol/pwmconfig Kind Regards, João Seabra -- Automação e Controlo Industrial, Lda http://www.acontrol.pt João Seabra Parque Empresarial de Eiras, Lote 5 Apartado 8027 | 3020-999 Coimbra Tel: +351 239 918 007 | Fax : +351 239 918 009 -- -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user image001.jpg-- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Server Fan Control
That's awesome information, I had not seen that before. However, I tried the pwmconfig and it couldn't control the fans. (After configuring and checking with sensors, I can see the fan speeds, but can not control them -- or IT can't control them.) Thanks for the info. -AJ - Original Message - From: João Seabra joao.sea...@acontrol.pt To: efw-user@lists.sourceforge.net Sent: Friday, October 01, 2010 2:43 PM Subject: Re: [Efw-user] Server Fan Control I believe you should check this post: http://lime-technology.com/forum/index.php?PHPSESSID=2313166f5c255ac981c83f060ace0cc6topic=5548.msg55834#msg55834 Long time ago, in more than one occasion I was playing with lm_sensors/pwmconfig/fancontrol and I'm sure it was on 3 pin fan.I dont recall ever seeing 4 pin fan on computers/servers. Don't let the 3 wire/pwm confuse you.Just try it ;-) Kind Regards, João Seabra On Fri, 2010-10-01 at 13:38 -0400, AJ Weber wrote: Right. That will only work for fans connected with a 4pin connector (which has the pwm control). If you have a 3pin power connector from your fan to your MB, it looks like there is nothing you can do with software. Thanks -AJ - Original Message - From: João Seabra To: efw-user@lists.sourceforge.net Sent: Friday, October 01, 2010 12:37 PM Subject: Re: [Efw-user] Server Fan Control Check this nice tutorial from Archlinux. Dont forget to read the letters in bold at the top of the page ;-) http://wiki.archlinux.org/index.php/Fan_Speed_Control Kind Regards, João Seabra On 01-10-2010 16:34, João Seabra wrote: Hi, lm_sensors by itself does't change fan speed. Check in BIOS if you can activate smart control for fans or else you need to use fancontrol/pwmconfig Kind Regards, João Seabra -- Automação e Controlo Industrial, Lda http://www.acontrol.pt João Seabra Parque Empresarial de Eiras, Lote 5 Apartado 8027 | 3020-999 Coimbra Tel: +351 239 918 007 | Fax : +351 239 918 009 __ -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev __ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Server Fan Control
Has anyone tried to enable fan control on your endian server? For the server/fw I'm configuring right now, the servers fans are stuck at HIGH all the time. That's a waste of energy (and since I'm still in the same room, it's going to kill my hearing). I'd like to enable some more smart fan control via ACPI if possible. Does anyone know how this could be done? Thanks in advance! -AJ -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Bridge Mode?
OK, some of this discussion (all of which has been helpful and great, thank you) has gotten me thinking... If I'm going to manually configure the proxy and filtering. Should I actually just leverage Endian's distro as an appliance that sits ON the LAN, but not as a network bridge/router in the middle of it? In other words, just connect Endian as another server on the LAN and set my PCs manually to leverage that server/address to leverage the filters and proxies? I realize I could go completely manually configure a Linux distro to do all that, but if Endian already has all the packages installed and a nice GUI/web app to manage it, why not use it? Is this possible? In theory I would only need a Green interface, though I could still setup a Red interface as well. Thanks again, AJ - Original Message - From: Fernando Cabrera To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Thursday, September 23, 2010 12:34 PM Subject: Re: [Efw-user] Bridge Mode? Ok , now i understand what you wish to accomplish + === +---+ +---+ +-+ WAN | | Load Balancer | = | Endian Bridge | | LAN | + === +---+ +---+ +-+ Been there ... done that The endian will work as a bridge in your network and you need: a.. two interfaces, one goes connected to the lan switch, the other one goes to the load balancer. b.. when configuring the endian both interfaces goes to the green zone, and the red zone configure it as gateway and put the lan ip address of your load balancer. c.. in your firewall rules filter traffic using input interface and output interface. d.. Configure the proxy's you wish to use, as a general rule try to use explicit proxy in the http proxy configuration an manually configure the proxy in your clients. If you got Active Directory you coud enable integration and use group based profiles (work like a charm in win 2003, buggy in win 2008). e.. the default gateway of your network will be your Load balancer. your endian will sit silently in the middle filtering traffic because is acting like a bridge, every thing that receive in one interface it forward it to the other interface, only that before its forward the traffic it will apply firewall rules and proxy rules (SMTP, HTTP, POP3,etc). I'll gladly help you if you got problems. FERNANDO CABRERA JARAMILLO On Thu, Sep 23, 2010 at 10:08 AM, AJ Weber awe...@comcast.net wrote: Thanks everyone for the input. -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Bridge Mode?
Hi All, I was a Endian user for a good while, then went away from it for a few years (no comments/flames, please). I'm looking to put something back in, behind a decent router that has probably enough FW features for my use. Thus, I'm considering putting a box in between the FW/router and the LAN for other UTM and caching (anti-spam, anti-virus, squid, dansguardian all features I'd like to make use of). I'd prefer not to double-NAT connections where I don't have to, so I am considering inserting a box in bridge-mode. Can Endian 2.4 do this? Thanks in advance, AJ -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Bridge Mode?
Nah, it's not even the cable modem. I have two incoming, DHCP lines (FiOS and Cable), and need a stable, load-balancing router. So I use a dedicated piece of H/W for that, which also, of course, has a pretty decent FW. (I have long wished for the true load-balancing functionality to come to Endian and even hacked at it myself a long while back. But now that I have the dedicated HW, I'll just leverage it on the front.) I guess I could use the zone between the dedicated router and the Endian box as a DMZ and setup Endian in a more traditional, firewall sense. Must think it through a little more. Thanks everyone for the input. -AJ - Original Message - From: compdoc To: efw-user@lists.sourceforge.net Sent: Thursday, September 23, 2010 10:18 AM Subject: Re: [Efw-user] Bridge Mode? My cable modem doesn't have nat, but it's usually easy enough to disable nat in a broadband modem. Not that there's anything wrong with double nats. From: Fernando Cabrera [mailto:balama...@gmail.com] Sent: Thursday, September 23, 2010 7:35 AM To: AJ Weber; efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Bridge Mode? Yeah, its esay, configure your red interface as Gateway. That's how i'm doing it. FERNANDO CABRERA JARAMILLO On Thu, Sep 23, 2010 at 7:53 AM, AJ Weber awe...@comcast.net wrote: Hi All, I was a Endian user for a good while, then went away from it for a few years (no comments/flames, please). I'm looking to put something back in, behind a decent router that has probably enough FW features for my use. Thus, I'm considering putting a box in between the FW/router and the LAN for other UTM and caching (anti-spam, anti-virus, squid, dansguardian all features I'd like to make use of). I'd prefer not to double-NAT connections where I don't have to, so I am considering inserting a box in bridge-mode. Can Endian 2.4 do this? Thanks in advance, AJ -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- -- Nokia and ATT present the 2010 Calling All Innovators-North America contest Create new apps games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Nokia and ATT present the 2010 Calling All Innovators-North America contest Create new apps games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Local hostnames - DHCP
Did you try adding your domain-name after the hostname? If that works, then you might have to add (probably uncomment) a line in the dnsmasq.conf file to auto-append it. I think you can do that on a windows client as well by setting the dns search order (Append these suffixes...) in TCP settings. Maybe that helps. -AJ - Original Message - From: Philip Trickett (List) phil...@techworks.ie To: efw-user@lists.sourceforge.net Sent: Monday, March 02, 2009 6:42 AM Subject: [Efw-user] Local hostnames - DHCP Hi, I was just wondering if it is possible to have resolving local hostnames for machines that get the IP addresses from DHCP? e.g. If I connect a laptop (laptop1) to the network, and then try to ping it on the network: ping laptop1 I get: ping: unknown host laptop1 I can see the host names in the DHCP part of the services tab. I upgraded to endian from IPCop, and under IPCop all local hostnames would resolve correctly. Could this be due to the way it has been configured? Thanks, Phil -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Endian address to the community / release 2.2
Refreshing note. Best of luck in your new position, and I look forward to a more participatory structure in the future! -AJ - Original Message - From: Chris Mair To: efw-user@lists.sourceforge.net Sent: Tuesday, October 07, 2008 11:57 AM Subject: [Efw-user] Endian address to the community / release 2.2 Hello EFW Users everywhere, my name is Chris Mair -- I'm the new CTO of Endian Srl. While gathering feedback from this list and our bugtracker I've come to understand there is mounting confusion and doubts about our release strategy (or lack thereof ;) and our community strategy. I wish to address these. Let me get one thing straight from the beginning. Endian Srl is a commercial company. We're in the game for the money. Like others and unlike most, we stick 100% to Open Source. Open Source is not just a shell phrase for us, it means two things, it's a kind of license we attach to the software we release as well as a development model. So far we got the license straight (EFW is and will always be Open Source Software, Free Software, call it by any name -- as is the Enterprise addition, as is everything installed on the appliances we sell), but we failed to build up a community development process. One of my tasks is to do better. I wish to involve the community more. I wish to give updates to the EFW systems out there and I wish to open up that repository a lot of you are waiting for, so you can track the stable releases better. I am, however, missing resources to do all this *now*. Remember: we're an Open Source Shop with a sort of closed development process right now. If there was a single button I could push to change that, I'd do that now. Alas there's 1000 buttons and I'm just starting to figuring out in what order to push them... So, this is to let you know I'm working on it, the whole development team is working on it and yes, we do listen to you. I promise I'll keep you up to date on this. Release time. Today, we're releasing EFW 2.2 RC3. Please consider this as final as we ever get with 2.2. We call it RC3, because it's missing infrastructure more than it's missing anything else (I mentioned I wish to give you updates in the future). If you're still on EFW 2.1, now is the time to get to 2.2. If you're a developer, expect more from as as soon as I get those 1000 buttons figured out... CU on the lists :) Bye, Chris. PS: remember: if you are an enterprise customer, we got you always covered: just use the support channels you got when you bought your appliance. -- :: e n d i a n :: open source - open minds :: chris mair :: http://www.endian.com - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Replacement for SARE rules???
OK, I'll admit it, my sa-update with SARE (and std) spamassassin rules was working for so long that I have not paid any attention to the SARE site. Apparently the ninjas are not updating the rules any longer. :(( Does anyone know of a suitable replacement for daily (or even more frequent) SA rules updates??? Thanks in advance, AJ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Replacement for SARE rules???
Oh, my updates were working fine. And you can continue to run the scripts, but according to the SARE homepage, they're no longer updating the rules, so it won't do you any good. (And openprotect uses their rules too.) - Original Message - From: Bill Pye To: efw-user@lists.sourceforge.net Sent: Monday, September 08, 2008 10:22 AM Subject: Re: [Efw-user] Replacement for SARE rules??? Hi - AJ Weber [EMAIL PROTECTED] wrote: OK, I'll admit it, my sa-update with SARE (and std) spamassassin rules was working for so long that I have not paid any attention to the SARE site. Apparently the ninjas are not updating the rules any longer. :(( Does anyone know of a suitable replacement for daily (or even more frequent) SA rules updates??? Thanks in advance, AJ These three links will give you the details you need: http://wiki.apache.org/spamassassin/SareChannels http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt http://saupdates.openprotect.com/ I use the rules update with my Zimbra mail server without problems. Regards Bill - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] EFW 2.2RC2 Contentfilter not working?
I just tested adding a site explicitly to the blacklist. This worked immediately (it blocked access to the site, displayed the expected blocked url message, and logged it). It seems like the scoring is the part that isn't working properly (and I can't tell if the PICS is working properly, I don't know a good way to test it, but if it should be blocking porno sites, then it's not working either). Any ideas on how to troubleshoot this? Does anyone have the content filter (dansguardian) working with 2.2??? Thanks, AJ - Original Message - From: toby To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Sunday, September 07, 2008 11:10 PM Subject: Re: [Efw-user] EFW 2.2RC2 Contentfilter not working? Hello AJ, I am experiencing the same issue however with EFW 2.1.2. I have yet to figure out what is going on. I will update your thread if I find anything and keep an eye on yours if you find a solution. Regards, Eric. On Sun, Sep 7, 2008 at 2:02 PM, AJ Weber [EMAIL PROTECTED] wrote: I'm testing the RC2 release, and I tried enabling the content filter with a very low threshold (tried 50 then 20). Edited the default policy and have one rule: Content filter only -- enabled what seems like 24x7. Enabled the proxy on 8080 with No Authentication. Updated my browser to use the proxy on 8080. I can search and display pages with some seriously naughty stuff. I also noticed that the rule enabled graph that shows-up in previous versions below the rule-list, doesn't show at all. It's blank space and the legend is at the bottom. When I try surfing thru the proxy, I DO see squid and dansguardian procs pop to the top (using top), but they don't seem to be filtering anything. Am I missing something here? Thanks, AJ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Endian 2.2 RC2 Release Date
Agree with Steven, I've repeatedly asked (and searched for) the latest developer's release/build so that I could add some features and tweaks to the distro. And I would happily release those back to Endian and the community if I was successful in my endeavors. Alas, there's absolutely no response when you ask for the source of the open-source. I still use it and I too love it, but it's really troubling the way they seem to be functioning these days... :( -AJ - Original Message - From: Steven Sher To: efw-user@lists.sourceforge.net Sent: Thursday, June 26, 2008 7:25 AM Subject: Re: [Efw-user] Endian 2.2 RC2 Release Date Intentionally or unintentionally Endian have created a environment that does not really allow the community to participate fully, or easily at least. Endian keeps things very close to their chest so to speak. Buying the commercial package is simply not in the budget at this stage and does not conform to our philosophy. I would be more than happy to buy Endian for commercial support when required. I would love to offer testing on updated releases and provide feedback, if there was something being released. By simply requesting for information that clearly other people are looking for as well, is this not participating? In Short Endian does not really allow us community members to contribute easily. I would like to get some feedback from Endian on my thoughts. Steven From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paulus Agung Sent: 26 June 2008 03:22 AM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Endian 2.2 RC2 Release Date IMHO, If you love it, maybe you can donate, participate or buy the commercial version to support and speed-up the development. ~paulus agung -- - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Understanding Endian Load Balancing Feature
It's listed as an explicit feature of the appliances and the production software, but not in the community edition. I would love to hear differently, but last time I asked, I got a reply from one of the developers and they said it was NOT there. Snippet of email RE 2.2 Beta 1 below: Will this release support multiple WAN/RED interfaces -- with each using DHCP -- for load balancing and/or failover??? Yes, multiple uplinks are possible, in failover mode and/or up at the same time. Load balancing is not possible due to a problem with the current kernel. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] - Original Message - From: Ruald Andreae To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Tuesday, April 22, 2008 5:35 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature as far I know the new 2.2 version includes load balancing. When i tested it I could see in vmware traffic going through all interfaces and the graphs reflected traffic going through all int's as well. AJ Weber wrote: Unless this has changed very, very recently (and I would love to hear it), there is no outbound load balancing for multiple RED uplinks. There is automated failover, but no load balancing. It's a feature request I have been begging for, and would really round-out the uplink features substantially. -AJ - Original Message - From: Gregory Machin To: efw-user@lists.sourceforge.net Sent: Thursday, April 17, 2008 9:23 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature Allie Syadiqin wrote: Hi, I intend to try and install Endian Firewall 2.2 but I need help understanding the load balancing feature as there is really not much info about it (or I probably just don't understand what I am reading in the documentation :P ). Anyway, assuming that I have 2 webservers, both running the same sites, with different internal IP addresses (kind of a redundant setup), can the Endian Firewall load balance the external traffic going to the webservers? Webserver 1 : Listening on IP 10.1.1.2 http://10.1.1.2/ port 80 Webserver 2 : Listening on IP 10.1.1.3 http://10.1.1.3/ port 80 Basically, what I am asking is whether using Endian Firewall 2.2 load balancing feature eliminate me from having 2 separate dedicated high-availability load-balancers (Heartbeat/HAProxy) behind the firewall. Thanks and hope someone can enlighten me. - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user By my understanding of the text the load balancing is for balancing lan connectivity to the internet ie u have 2 adsl lines and want to spread the load of interested access across the two lines. to load balance between to http servers or any other for that matter would require dns load balancing or one incoming line connecting to a load balancing server in front of the servers. I'm open to correction but thats the short story .. -- Gregory Machin CT-Net www.ct-net.org [EMAIL PROTECTED] phone : +27 12 379 3497 fax : +27 12 379 4113 Cell : +27 72 524 8096 humans do not use the address below its for trapping spam. spamtrap [EMAIL PROTECTED] - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save
Re: [Efw-user] Understanding Endian Load Balancing Feature
I honestly don't know if/when they will fix it. Really it's a Feature Request, not a bug. The developers must be very busy, as Peter (amongst others, I think) is typically pretty responsive and participates in the mailing-list. He would probably be able to give you the best response as to where it is, and when we should fully expect it. Best of luck. -AJ - Original Message - From: Ruald Andreae To: AJ Weber Cc: efw-user@lists.sourceforge.net Sent: Tuesday, April 22, 2008 9:41 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature that is truly dissapointing to hear. are they planning on fixing it? and why do the graphs show traffic? still curious about my other questions about failover not working automatically On Tue, Apr 22, 2008 at 2:29 PM, AJ Weber [EMAIL PROTECTED] wrote: It's listed as an explicit feature of the appliances and the production software, but not in the community edition. I would love to hear differently, but last time I asked, I got a reply from one of the developers and they said it was NOT there. Snippet of email RE 2.2 Beta 1 below: Will this release support multiple WAN/RED interfaces -- with each using DHCP -- for load balancing and/or failover??? Yes, multiple uplinks are possible, in failover mode and/or up at the same time. Load balancing is not possible due to a problem with the current kernel. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] - Original Message - From: Ruald Andreae To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Tuesday, April 22, 2008 5:35 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature as far I know the new 2.2 version includes load balancing. When i tested it I could see in vmware traffic going through all interfaces and the graphs reflected traffic going through all int's as well. AJ Weber wrote: Unless this has changed very, very recently (and I would love to hear it), there is no outbound load balancing for multiple RED uplinks. There is automated failover, but no load balancing. It's a feature request I have been begging for, and would really round-out the uplink features substantially. -AJ - Original Message - From: Gregory Machin To: efw-user@lists.sourceforge.net Sent: Thursday, April 17, 2008 9:23 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature Allie Syadiqin wrote: Hi, I intend to try and install Endian Firewall 2.2 but I need help understanding the load balancing feature as there is really not much info about it (or I probably just don't understand what I am reading in the documentation :P ). Anyway, assuming that I have 2 webservers, both running the same sites, with different internal IP addresses (kind of a redundant setup), can the Endian Firewall load balance the external traffic going to the webservers? Webserver 1 : Listening on IP 10.1.1.2 http://10.1.1.2/ port 80 Webserver 2 : Listening on IP 10.1.1.3 http://10.1.1.3/ port 80 Basically, what I am asking is whether using Endian Firewall 2.2 load balancing feature eliminate me from having 2 separate dedicated high-availability load-balancers (Heartbeat/HAProxy) behind the firewall. Thanks and hope someone can enlighten me. - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user By my understanding of the text the load balancing is for balancing lan connectivity to the internet ie u have 2 adsl lines and want to spread the load of interested access across the two lines. to load balance between to http servers or any other for that matter would require dns load balancing or one incoming line connecting to a load balancing server in front of the servers. I'm open to correction but thats
Re: [Efw-user] Where are the latest DEVEL [s]rpms ?
Thanks for the reply, Mike. Appreciate your time and knowledge. -AJ - Original Message - From: Mike Tremaine To: efw-user@lists.sourceforge.net Sent: Tuesday, April 22, 2008 11:16 AM Subject: Re: [Efw-user] Where are the latest DEVEL [s]rpms ? AJ Weber wrote: I'd like to do some development and testing (and would gladly provide the results back to the community), but need to acquire the latest devel-RPMS and SRPMS so I have a valid starting-point. The latest ones listed on the endian site are for 2.1.1. Are the latest 2.2-Beta3 ones available? If not, does anyone have recommendations on how to get started with a valid build-platform? Thanks in advance! -AJ As far as is known their is no SRPMS yet. The EFW team uses a chroot jail build system for their development which makes it harder to just release the devel setup as their is no Stand alone dev system. [AFAIK]. You can try to use the 2.1 system and boot strap your way to 2.2beta but you are probably better off waiting for the full release. Again AFAIK the base system is RHEL/Centos 4.x based with some newer packages here and there as needed. -Mike - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Understanding Endian Load Balancing Feature
Unless this has changed very, very recently (and I would love to hear it), there is no outbound load balancing for multiple RED uplinks. There is automated failover, but no load balancing. It's a feature request I have been begging for, and would really round-out the uplink features substantially. -AJ - Original Message - From: Gregory Machin To: efw-user@lists.sourceforge.net Sent: Thursday, April 17, 2008 9:23 AM Subject: Re: [Efw-user] Understanding Endian Load Balancing Feature Allie Syadiqin wrote: Hi, I intend to try and install Endian Firewall 2.2 but I need help understanding the load balancing feature as there is really not much info about it (or I probably just don't understand what I am reading in the documentation :P ). Anyway, assuming that I have 2 webservers, both running the same sites, with different internal IP addresses (kind of a redundant setup), can the Endian Firewall load balance the external traffic going to the webservers? Webserver 1 : Listening on IP 10.1.1.2 http://10.1.1.2/ port 80 Webserver 2 : Listening on IP 10.1.1.3 http://10.1.1.3/ port 80 Basically, what I am asking is whether using Endian Firewall 2.2 load balancing feature eliminate me from having 2 separate dedicated high-availability load-balancers (Heartbeat/HAProxy) behind the firewall. Thanks and hope someone can enlighten me. - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user By my understanding of the text the load balancing is for balancing lan connectivity to the internet ie u have 2 adsl lines and want to spread the load of interested access across the two lines. to load balance between to http servers or any other for that matter would require dns load balancing or one incoming line connecting to a load balancing server in front of the servers. I'm open to correction but thats the short story .. -- Gregory Machin CT-Net www.ct-net.org [EMAIL PROTECTED] phone : +27 12 379 3497 fax : +27 12 379 4113 Cell : +27 72 524 8096 humans do not use the address below its for trapping spam. spamtrap [EMAIL PROTECTED] - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Speaking of load-balancing
I was looking at the lokiwall scripts... I know just enough to be dangerous. (about IPTables and routing) With the minor patch(es) required, and some tweaking of the scripts and merging into the endian community ed scripts, this should NOT be a major ordeal to get working and stable. I would volunteer to work with someone (or some people) to get this done. I don't know if there's a current (say current-beta) build with gcc, kernel sources, etc., available, or how to get one running. But if we had that, it wouldn't take all that long to build a POC/beta version with the patches and scripts integrated, AFAIK. Now, after a review of their scripts, and the required patches, _I_ don't see any issue getting it merged. Does anyone out there have knowledge to the contrary, before I waste time, and run into a brick wall that others already know about??? If not, if anyone can give me some direction as to getting a endian build machine running, I could start the process. -AJ- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] Digital Signatures in Emails
Just trying to rule things out here... If I digitally sign an email, then it gets forwarded through Endian FW (Community Ed. 2.2b1), should the digitally signed email be altered and show an error-message at the recipient's end? I don't think it should, especially because I'm running the POP3 Proxy, but NOT the SMTP one. Why and where is my email getting tampered with??? -AJ- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Digital Signatures in Emails
Hmm. Good idea. Thanks. - Original Message - From: Carlos Leal To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Thursday, February 14, 2008 12:22 PM Subject: Re: [Efw-user] Digital Signatures in Emails Look at your ISP. I seem to have read something about Comcast processing TCP streams. --Carlos On Feb 14, 2008, at 9:46 AM, AJ Weber wrote: Just trying to rule things out here... If I digitally sign an email, then it gets forwarded through Endian FW (Community Ed. 2.2b1), should the digitally signed email be altered and show an error-message at the recipient's end? I don't think it should, especially because I'm running the POP3 Proxy, but NOT the SMTP one. Why and where is my email getting tampered with??? -AJ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] EV-DO or other 3G support
You can't load balance with Endian (Community Version) yet anyway. But the EV-DO USB would be a neat backup (if you want to pay the $50/month for service versus a LOT cheaper for faster DSL or Cable or FiOS as a backup), I guess. :) - Original Message - From: John T. Yocum To: efw-user@lists.sourceforge.net Sent: Thursday, February 07, 2008 5:59 PM Subject: [Efw-user] EV-DO or other 3G support Hello, Tried searching for this, but didn't find anything. Does anyone know if the latest beta or other version of Endian supports EV-DO or other 3G devices for the WAN/RED interface? I am specifically looking to use a Novatel USB720, which I know works under Linux. My hope is to load balance my EV-DO connection with a 768K DSL connection. Thanks, John - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] SSh Attack
Just to clarify, since this is pretty sensitive and I want to make sure I read the docs and the actual fw config right...SSH is only available to GREEN unless you take some additional steps to explicitly allow it from RED, right? -AJ - Original Message - From: Peter Warasin To: efw-user@lists.sourceforge.net Sent: Friday, January 18, 2008 11:37 AM Subject: Re: [Efw-user] SSh Attack Carlos Leal wrote: The use of port 22 in place of a less well known port makes it more vulnerable to automated attacks. This is why IPCop , which was the inspiration for this product uses port 222 for ssh. To be honest, that's security by obscurity, therefore we removed that. It makes more sense to use the standard ports and to block the access completely for the unauthorized. Simply open the port within system access only for your ip addresses, disable ssh and enable it only when you need, or connect through vpn. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] -- - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] local NTP Service not working?
Can someone give me some ideas on how to troubleshoot the NTP service on EFW 2.2b1? None of my LAN clients can query the service, even though it's certainly running on the firewall. I even tried editing the ntp.conf and adding an explicit restrict for my GREEN subnet (allowing query), and restarted it, but that had no effect either. I'm not entirely sure how it would work without adding that config entry either...the ntpd rules seem to state that if you don't have an explicit entry for your subnet (or server), and you have a restrict default in your ntp.conf, it will follow the default (which denies about everything). Any ideas? Maybe I need more coffee... -AJ - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] local NTP Service not working?
Sorry, by EFW 2.2b1, I meant version 2.2 beta 1. From the firewall console, I do get that kind of response: [EMAIL PROTECTED]:/etc/rc.d/init.d # ntpdate -u -q localhost server 127.0.0.1, stratum 3, offset -0.00, delay 0.02568 13 Dec 14:33:44 ntpdate[17531]: adjust time server 127.0.0.1 offset -0.00 sec HOWEVER, from any other linux host on the GREEN network, I get a response such as this: [EMAIL PROTECTED] init.d]# ntpdate -u -q firewall server 192.168.1.127, stratum 0, offset 0.00, delay 0.0 13 Dec 14:35:08 ntpdate[16000]: no server suitable for synchronization found - Original Message - From: Peter Warasin To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Thursday, December 13, 2007 2:21 PM Subject: Re: [Efw-user] local NTP Service not working? Hi AJ AJ Weber wrote: Can someone give me some ideas on how to troubleshoot the NTP service on EFW 2.2b1? which version of efw? try if it works locally: ntpdate -u -q localhost it should print out something like this: server 127.0.0.1, stratum 3, offset 0.00, delay 0.02563 I'm not entirely sure how it would work without adding that config entry either...the ntpd rules seem to state that if you don't have an explicit entry for your subnet (or server), and you have a restrict default in your ntp.conf, it will follow the default (which denies about everything). the restrict keyword does what it says.. it restrict's something. so if you have no restrict line, the access is unrestricted. the default keyword means 0.0.0/0, which is the entire ip space. Probably your ntp is currently to imprecise (if you have a high stratum value) and your clients refuse to update or it's a network problem or ntp does not run. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Disable ping on RED
On either the System access or the Zone firewall (this is 2.2beta menus...you'll have to translate back to 2.1.2), you could add a Source Interface == RED, service = ICMP, policy = drop. I'm sure Peter can clarify which...but it probably would be a good option in the Network Configuration wizard somewhere when configuring the RED interface(s). -AJ - Original Message - From: Kevin Fason To: efw-user@lists.sourceforge.net Sent: Thursday, December 13, 2007 2:49 PM Subject: [Efw-user] Disable ping on RED I happened to ping my public IP from elsewhere on the internet and it answered. How can I stop it from answering pings on RED? I have 2.1.2 - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] local NTP Service not working?
I just noticed the same thing when I was looking for the answer to that Disable Ping from RED question!!! I see it in the System Access list as 119, which is wrong, as you said. 6 ANY GREEN BLUE ORANGE VPN ANY UDP/119 Service (NTP) OK. I'll fix my template locally and restart. Thanks, AJ - Original Message - From: Peter Warasin To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Thursday, December 13, 2007 3:04 PM Subject: Re: [Efw-user] local NTP Service not working? Hi AJ AJ Weber wrote: Sorry, by EFW 2.2b1, I meant version 2.2 beta 1. Ah sorry. i missed it. Wait.. it's a fixed bug, so i did not recognize it. efw 2.2 has now a local firewall for connections going to the box. - System access Each service opens it's ports itself as soon as it needs them. Each service defines those firewall configuration within it's own firewall configuration template file, which are here: /etc/firewall/inputfw/*.conf.tmpl The template for ntp is wrong. The port is 123, not 119. Simply change that value within the template and call restartntp That should do the job peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] pop3 proxy virus scanner
It will scan pop3 and pop3s, but the trick is that you need to configure your email clients (on GREEN) to send pop3 on the pop3s port (995) -- that is, send it unencrypted. When the proxy sees the traffic on 995, it will then encrypt the traffic from the gateway to the intended server. So the traffic is unencrypted only on GREEN, which should be OK for most...but if you need the traffic encrypted from end-to-end (desktop client to POP3s server), then it won't work right. -AJ - Original Message - From: m4him To: efw-user@lists.sourceforge.net Sent: Sunday, December 02, 2007 11:22 AM Subject: [Efw-user] pop3 proxy virus scanner Does the pop3 proxy virus scanner scan ssl pop3 ports or does it only scan port 110? -- View this message in context: http://www.nabble.com/pop3-proxy-virus-scanner-tf4932201.html#a14116973 Sent from the efw-user mailing list archive at Nabble.com. - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] 2.2b1 traffic graphs
I'm testing 2.2b1 with two RED NICs, and the RED (uplink) has two different graphs -- named correctly to my two uplinks -- but they both show the exact same traffic patterns over time. Either endian-fw is load-balancing perfectly, or the statistical gathering or analysis or graphing is incorrect. I'm assuming that the main uplink should show all the traffic, and the other should show virtually none. (I have no special routing setup to leverage the idle/backup NIC for any traffic.) Is this my mistake, or a known-or-new issue? -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] sa-update?
I did some searching for this, but didn't find anything concrete... Why is sa-update disabled? How do we update spamassassin's rules on a daily basis? -AJ (FWIW: Testing 2.2 beta 1)- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] SIP/Vonage?
Q: When using the SIP proxy... Do I need to manually then go configure the firewall to allow these ports to be ACCEPTed?? That is, do I configure the traffic from RED, SIP port to be REDIRECTed to the firewall host (siproxd), and then ACCEPT the SIP and RTP ports from RED? Not clear on this, and if that's the case, why it wouldn't be configured automatically as part of configuring the SIP Proxy screen? Thanks, AJ - Original Message - From: AJ Weber To: efw-user@lists.sourceforge.net Sent: Friday, November 09, 2007 2:47 PM Subject: SIP/Vonage? OK...for those of you keeping track ;) ...I swapped my original target host for another one I had lying around. This one works much better. Configured cleanly, etc. QUESTION: Has anyone gotten Vonage hardware to work behind the firewall? Using SIP Proxy, I assume? I found their tech-notes on the ports and it lists this: === Ports used by Vonage Adapters The following ports are needed for OUTGOING Internet communications from the Vonage device to the Vonage servers. DNS: Port 53 UDP TFTP: Port 21, 69, 2400 UDP HTTP: Port 80 UDP NTP: Port 123 UDP SIP: Port 5061 UDP (used for older Vonage devices provisioned before 2005) The following ports are needed for INCOMING and OUTGOING Internet communications from and to Vonage devices and servers. RTP (Voice) Traffic: Ports 1-2 UDP. When a call is made, a random port between 1 and 2 is used for RTP (Voice) traffic. If any of these ports are blocked, you may experience one way or no audio. So I see that the default Outgoing is already set for 80, 53 and 123 (I assume via the NTP Server). I added TFTP 69, 2400 from ANY to RED. *** NOTE: I tried setting this to GREEN -- RED, but it put ANY in there. I don't know how to set that using the rule builder. Anyone? Then I enabled the SIP Proxy and set the SIP port to 5061 and the RTP to 1-2. I Saved and Restarted the proxy. Needless to say, it doesn't work. Does not seem to connect to the Vonage servers. HELP? -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] (beta1) Spamassassin and clamav updates?
How do I update spamassassin with new rules? I see a lot of anti-spam settings in the SMTP proxy area, but very little options under the POP3 proxy. Is this something I have to SSH into the box and do manually? Can I use the auto-update scripts on the internet? Clamav has settings to auto-update on a schedule. But it doesn't seem to be executing. I set it for hourly, but it hasn't updated since I manually forced the last update. Does this use fcron (should I check there)? This is great software, just want to help iron-out the kinks, if I can! -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS)
One built-in NIC. Two PCI cards: an old 3Com and a new(er) Intel gigabit. Three total. - Original Message - From: compdoc To: 'AJ Weber' ; efw-user@lists.sourceforge.net Sent: Thursday, November 08, 2007 4:11 PM Subject: RE: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS) Your system has two built-in nics, or just the 3com? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AJ Weber Sent: Thursday, November 08, 2007 1:35 PM To: efw-user@lists.sourceforge.net Subject: Re: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS) Actual error (repeated multiple times on screen) : modprobe: FATAL: Could not load /lib/modules/2.6.9-55.0.6.EL.endian22-smp/modules.dep: No such file or directory (in case the moderators don't want the pics to come to the list -- maybe that's a faux pas for mailing lists...apologies) - Original Message - From: AJ Weber To: efw-user@lists.sourceforge.net Sent: Thursday, November 08, 2007 3:24 PM Subject: Install Problem with beta1 I'm trying to install beta1 to a PC with a built-in NIC, a 3com 10/100, and an Intel GB NIC. I don't think that matters, and can provide further h/w details, but here's what happens. Everything proceeds smoothly until immediately after Creating Journal on log filesystem..., which is fine -- see first pic attached, and if they don't stay attached, just tell me where to upload them. Immediately after that, I get a bunch of FATAL errors thrown from modprobe (see second pic), I think it thinks it's missing some files? It then allows me to set the IP Address of the Green NIC (but it doesn't allow me to select WHICH NIC I want to be GREEN), and reports a successful install and ready to reboot! (Have pics of that too, but won't attach them unless you want them.) The system reboots and appears to be running -- no errors or warnings during reboot/startup, but I'm very leery of the state that it's in. Can anyone advise me how to troubleshoot? Thanks in advance! -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
[Efw-user] SIP/Vonage?
OK...for those of you keeping track ;) ...I swapped my original target host for another one I had lying around. This one works much better. Configured cleanly, etc. QUESTION: Has anyone gotten Vonage hardware to work behind the firewall? Using SIP Proxy, I assume? I found their tech-notes on the ports and it lists this: === Ports used by Vonage Adapters The following ports are needed for OUTGOING Internet communications from the Vonage device to the Vonage servers. DNS: Port 53 UDP TFTP: Port 21, 69, 2400 UDP HTTP: Port 80 UDP NTP: Port 123 UDP SIP: Port 5061 UDP (used for older Vonage devices provisioned before 2005) The following ports are needed for INCOMING and OUTGOING Internet communications from and to Vonage devices and servers. RTP (Voice) Traffic: Ports 1-2 UDP. When a call is made, a random port between 1 and 2 is used for RTP (Voice) traffic. If any of these ports are blocked, you may experience one way or no audio. So I see that the default Outgoing is already set for 80, 53 and 123 (I assume via the NTP Server). I added TFTP 69, 2400 from ANY to RED. *** NOTE: I tried setting this to GREEN -- RED, but it put ANY in there. I don't know how to set that using the rule builder. Anyone? Then I enabled the SIP Proxy and set the SIP port to 5061 and the RTP to 1-2. I Saved and Restarted the proxy. Needless to say, it doesn't work. Does not seem to connect to the Vonage servers. HELP? -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS)
Thanks for the quick reply! I will check on this. Unfortunately, I would want the GigE NIC to be my GREEN interface. Can this be changed (the settings of which NICs are assigned to which zone) later? Still curious about the modprobe error and whether that's going to cause problems later, in case anyone has any ideas on that! Thanks again, AJ - Original Message - From: Carlos Leal To: AJ Weber ; efw-user@lists.sourceforge.net Sent: Thursday, November 08, 2007 4:31 PM Subject: Re: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS) I don't have the beta but 2.1.2 automagically chose the built-in ethernet as Green which allowed me to reach it by ethernet at the private IP assigned on the setup. You can then assign all NICs from the GUI in EFW. Once on, turn on SSH so you'll have a backdoor in. Can't help on the modprobe error. --Carlos On Nov 8, 2007, at 2:34 PM, AJ Weber wrote: Actual error (repeated multiple times on screen) : modprobe: FATAL: Could not load /lib/modules/2.6.9-55.0.6.EL.endian22-smp/modules.dep: No such file or directory (in case the moderators don't want the pics to come to the list -- maybe that's a faux pas for mailing lists...apologies) - Original Message - From: AJ Weber To: efw-user@lists.sourceforge.net Sent: Thursday, November 08, 2007 3:24 PM Subject: Install Problem with beta1 I'm trying to install beta1 to a PC with a built-in NIC, a 3com 10/100, and an Intel GB NIC. I don't think that matters, and can provide further h/w details, but here's what happens. Everything proceeds smoothly until immediately after Creating Journal on log filesystem..., which is fine -- see first pic attached, and if they don't stay attached, just tell me where to upload them. Immediately after that, I get a bunch of FATAL errors thrown from modprobe (see second pic), I think it thinks it's missing some files? It then allows me to set the IP Address of the Green NIC (but it doesn't allow me to select WHICH NIC I want to be GREEN), and reports a successful install and ready to reboot! (Have pics of that too, but won't attach them unless you want them.) The system reboots and appears to be running -- no errors or warnings during reboot/startup, but I'm very leery of the state that it's in. Can anyone advise me how to troubleshoot? Thanks in advance! -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Install Problem with beta1 (POST WITHOUT PHOTOS)
Actual error (repeated multiple times on screen) : modprobe: FATAL: Could not load /lib/modules/2.6.9-55.0.6.EL.endian22-smp/modules.dep: No such file or directory (in case the moderators don't want the pics to come to the list -- maybe that's a faux pas for mailing lists...apologies) - Original Message - From: AJ Weber To: efw-user@lists.sourceforge.net Sent: Thursday, November 08, 2007 3:24 PM Subject: Install Problem with beta1 I'm trying to install beta1 to a PC with a built-in NIC, a 3com 10/100, and an Intel GB NIC. I don't think that matters, and can provide further h/w details, but here's what happens. Everything proceeds smoothly until immediately after Creating Journal on log filesystem..., which is fine -- see first pic attached, and if they don't stay attached, just tell me where to upload them. Immediately after that, I get a bunch of FATAL errors thrown from modprobe (see second pic), I think it thinks it's missing some files? It then allows me to set the IP Address of the Green NIC (but it doesn't allow me to select WHICH NIC I want to be GREEN), and reports a successful install and ready to reboot! (Have pics of that too, but won't attach them unless you want them.) The system reboots and appears to be running -- no errors or warnings during reboot/startup, but I'm very leery of the state that it's in. Can anyone advise me how to troubleshoot? Thanks in advance! -AJ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Endian Firewall 2.2 Beta 1 released
So basically, manual load balancing now, and rules-based/automatic (sessions, IPs, traffic, round-robin, etc.) later? And really, I'm talking about outbound load-balancing, though inbound would be a great feature too. Do I then assume that failover from RED interface to RED interface _is_ currently possible, even with DHCP on the RED NICs? Thanks again, AJ - Original Message - From: Peter Warasin To: efw-user@lists.sourceforge.net Sent: Monday, October 29, 2007 11:40 AM Subject: Re: [Efw-user] Endian Firewall 2.2 Beta 1 released compdoc wrote: Port forwarding to different internal IPs would be one benefit Exactly. You can use your main uplink for your normal traffic from green and another dedicated uplink for your DMZ, or for a specific or some server/services within your DMZ. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] -- - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Endian Firewall 2.1.2 released
And multi-RED interfaces for load-balancing and HA, right??? ;) - Original Message - From: Peter Warasin To: efw-user@lists.sourceforge.net Sent: Tuesday, July 10, 2007 11:06 AM Subject: [Efw-user] Endian Firewall 2.1.2 released Ladies and Gentleman, the Endian Team is glad to announce a new release of the Endian Firewall Community verison 2.1.2. The Endian Firewall Community is a turn-key Linux security distribution that turns every system into a full featured security appliance. Designed with “usability in mind”, Endian produced a software that is extremely flexible and very easy to install, use and manage. The Community version has been warmly embraced by the open source community and has so far enjoyed over 150.000 downloads. This new release contains several minor though significant new features and major bugfixes. The 2.1.2 has build up from the 2.1.1 version, fixing the SATA support system and allowing for a wizard after installation that ask to set up the passwords (root and administrator). In addition, this new release enables the possibility of restoring a backup directly after installation, and of blocking incoming connections coming through the VPN [#210]. Moreover, the Endian Firewall Community now includes a 1:1 NAT (for ALL port-forwarding protocol types) and provides added support for EFW as a XEN domU instance. Kernel, glibc, clamav and havp have all been upgraded, and the proxy authentication can now be bypassed for specific ip/mac addresses. The new iso can be downloaded from http://www.endian.com/en/community/download/iso/ The Endian Team -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] -- - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Update directory for Endian 2.1 users
Will 2.1 support multiple RED interfaces (with DHCP) ??? Please, oh please, oh please? You mentioned you were moving in a different direction to address this, so I assume it's an active part of the project, but have not heard anything about proposed version-number when that will be released... Thanks, AJ - Original Message - From: Mike Tremaine To: efw-user@lists.sourceforge.net Sent: Friday, June 15, 2007 10:29 AM Subject: [Efw-user] Update directory for Endian 2.1 users Well as promised I have an working Endian 2.1 development install. So I have opened a new downloads directory specifically for 2.1. Better late then never. When 2.1.1 comes out I'll probably rename this directory and start from scratch. http://www.stellarcore.net/downloads/efw2.1-updates/ Also I have a development directory in which I keep all the *-devel packages that I have to build when I want to build one of the updated rpms. http://www.stellarcore.net/downloads/efw2.1-development/ I built and upload the important ones for everyone Clamav, Havp, and efw-clamav [this is what has the new style config templates for clamav.] . So start using this directory instead of the 2.0 releases. -Mike [As side note building a 2.1 development install is much harder then 2.0 besides having to rebuild any -devel package from source rpm at least 2 rpm specs are broken. Ncurses - /var/lib/terminfo not defined, and GMP - horrible problems with libgmpxx.* ] - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Update directory for Endian 2.1 users
I made an invalid assumption that you were one of the core maintainers of the Community Ed. Sorry. My bad. It was Peter W. (who DOES have an endian address) that made the comment, now that I look further back. Can anyone from Endian please comment/reply? Thanks, AJ - Original Message - From: Mike Tremaine To: efw-user@lists.sourceforge.net Sent: Friday, June 15, 2007 10:57 AM Subject: Re: [Efw-user] Update directory for Endian 2.1 users AJ Weber wrote: Will 2.1 support multiple RED interfaces (with DHCP) ??? Please, oh please, oh please? You mentioned you were moving in a different direction to address this, so I assume it's an active part of the project, but have not heard anything about proposed version-number when that will be released... Don't confuse me with the Company Endian that produces this. :) I'm just some guy who is interested enough to build rpm updates and post them on my personal website. Real question should be directed http://www.endian.it/ Or anyone on this list who's email address points at that. -Mike - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] HOW TO - LOAD BALANCE WITH 2 OR MORE RED NICs
Peter, Does this mean we should hold hope for the 2.6-kernel based release that you mentioned? Is that scheduled for 2.2 or later? This Feature Request is getting more and more prevalent, AFAIK. Thanks! -AJ - Original Message - From: Peter Warasin To: efw-user@lists.sourceforge.net Sent: Thursday, May 24, 2007 6:07 AM Subject: Re: [Efw-user] HOW TO - LOAD BALANCE WITH 2 OR MORE RED NICs hi Marco Aurélio wrote: This document worked correctly and without problems. Endian Firewall shows the two red link´s and makes the load-balancing in a correct way. A feather that this easiness is not available in the community version. I hope in the next version this is included. That's because something which seems easy sometimes in reality isn't. We already discussed multiple uplinks with loadbalancing on this (old) forum: http://sourceforge.net/forum/forum.php?thread_id=1510439forum_id=473861 In fact loadbalancing is already implemented, but we have problems with it, which can't be solved with the current kernel. We are now going a different way and solve the problem in a problemless and more flexible way. peter -- :: e n d i a n :: open source - open minds :: peter warasin :: http://www.endian.com :: [EMAIL PROTECTED] -- - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user